HTTP Digest + Rspec

Question

I have a pretty basic HTTP Digest Authentication setup on my Rails 3 app. It mostly follows examples found in the Rails Controller Guide:

My ApplicationController has a before_filter:

def digest_authenticate
  success = authenticate_or_request_with_http_digest("Application") do |username|
    APP_CONFIG["admin"]
  end
end

This all works great. Pages are protected as they should be.

I'm now trying to test this in RSpec and failing miserably.

I followed this SO accepted answer and put the authenticate_with_http_digest method in a support file. Here's my actual test:

describe DashboardController do
  describe "GET 'index'" do
    it "returns http success" do
      authenticate_with_http_digest(foo, bar, baz)

      visit root_path
      response.should be_success
      response.code.should == '200'
    end
  end
end

A few problems:

The tests are passing every time, whether or not I call authenticate_with_http_digest
The arguments I'm passing to authenticate_with_http_digest are bogus, and don't seem to matter. Shouldn't these need to match what I have stored in APP_CONFIG["admin"]?
If I print out the value of success from my digest_authenticate before_filter, it always prints out 401, even if I do pass the correct parameters to my rspec helper.

Any ideas how to effectively test HTTP Digest Authentication?

Thanks!

In a controller test you should be using `get :index` rather than `visit root_path`. The visit approach is a request spec/capybara tool not a controller testing tool. — nmott, Dec 19 '12 at 12:14
ahh, perfect! Please put this as an answer so I can mark it as correct. — djibouti33, Dec 19 '12 at 16:30

score 2 · Accepted Answer · answered Dec 20 '12 at 00:16

For controller tests you should use the get :index call rather than the visit root_path call. This will work for any valid combination of HTTP verbs and Rails actions you are controller testing.

The visit method is part of Capybara and should be used in request specs only.

HTTP Digest + Rspec

1 Answers1